LiveAgent Bug Bounty Program

LiveAgent aims to keep its service safe for everyone, and data security is of utmost importance. If you are a security researcher and have discovered a security vulnerability in the Service, we appreciate your help in disclosing it to us privately and giving us an opportunity to fix it before publishing technical details.

LiveAgent will engage with security researchers when vulnerabilities are reported to us as described here. We will validate, respond, and fix vulnerabilities in support of our commitment to security and privacy. We won’t take legal action against, suspend, or terminate access to the Service of those who discover and report security vulnerabilities responsibly. LiveAgent reserves all of its legal rights in the event of any noncompliance.

Reporting

Share the details of any suspected vulnerabilities with the LiveAgent Development Team at support@liveagent.com. Please do not publicly disclose these details outside of this process without explicit permission. In reporting any suspected vulnerabilities, please include as much information as possible. If you want to submit multiple reports at once, please submit only one report (the most important if possible) and wait for a response.

Compensation

We are pleased to offer a bounty for vulnerability information that helps us protect our customers, as thanks to the security researchers who choose to participate in our bug bounty program. The regular bounty reward is $50 per bounty submitted and verified by our dev team.

We will only reward the first reporter of a vulnerability. Any duplicate reports will not be rewarded.

Scope

You may only test against a LiveAgent Account for which you are the Account Owner or an Agent authorized by the Account Owner to conduct such testing. For example:

*yourdomain*.ladesk.com

We will reward you for the following types of vulnerabilities:

Remote Command Execution (RCE)

SQL Injection

Broken Authentication

Broken Session Management

Access Control Bypass

Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF)

Open URL Redirection

Directory Traversal

Reports in which an attacker can threaten only their own account will not be rewarded with a bounty. XSS caused by an Admin will not be rewarded with a bounty.